Vanilla 1.1.9 is a product of Lussumo. More Information: Documentation, Community Support.

    •  
      CommentAuthorTrim
    • CommentTimeJul 30th 2014
     
    CNBC

    Internet of Things is the hackers' new playground,

    http://www.cnbc.com/id/101875503
    • CommentAuthorAsterix
    • CommentTimeJul 31st 2014
     
    Cybersecurity: example of an oxymoron.
  1.  
    +5
  2.  
    • CommentAuthorjoshs
    • CommentTimeAug 1st 2014
     
    It is a good essay.
    •  
      CommentAuthoralsetalokin
    • CommentTimeAug 1st 2014 edited
     
    1980:
    The government is spying on me!
    --You're paranoid, they would never do that, it's unConstitutional.

    2014:
    The government is spying on me!
    --You're paranoid, they've always been doing it, big deal. The Constitution doesn't apply to metadata anyway.
    •  
      CommentAuthorTrim
    • CommentTimeAug 1st 2014
     
    +3
  3.  
  4.  
    Another way of saying it is that DMA is a two edged sword.
    •  
      CommentAuthorDuracell
    • CommentTimeAug 1st 2014 edited
     
    Posted By: alsetalokinhttp://gizmodo.com/usb-has-a-fundamental-security-flaw-that-you-cant-detec-1613833339

    Great. That is just great.


    That's a lot of bad news—so what can you do about it? Technically speaking, very little: there's no patch of code that can be be used to solve the problem. Instead, both the USB Implementers Forum and the researchers point out that a change in the way we use USB is the only solution: don't plug a USB device into any computer you don't 100 percent trust, and don't plug untrusted USB device into your computer either. That may prove inconvenient—but it may also save you from a very nasty surprise, too.

    Hmmm .. That strikes me a being somewhat more than merely "inconvenient", what with a "trusted USB device" presumably being one you designed and built yourself, and that you also wrote and installed the firmware for yourself ...

    Also, while I might have varying degrees of confidence in the integrity of individual machines, I will be very pleasantly surprised / cognitively impaired / lobotomised the day I encounter any computer that I "100 percent trust" ...
    • CommentAuthorAsterix
    • CommentTimeAug 1st 2014
     
    I think the article grossly overstates the situation, if not completely misstates it. Read the comments.
  5.  
  6.  
    Selling protection. Looks like the NSA will be self-funding.
  7.  
    https://www.blackhat.com/us-14/briefings.html
    The Nest thermostat is a smart home automation device that aims to learn
    about your heating and cooling habits to help optimize your scheduling and
    power usage. Debuted in 2010, the smart NEST devices have been proved a
    huge success that Google spent $3.2B to acquire the whole company. However,
    the smartness of the thermostat also breeds security vulnerabilities,
    similar to all other smart consumer electronics. The severity of security
    breach has not been fully embraced due to the traditional assumption that
    thermostat cannot function more than a thermostat even though users are
    enjoying its smartness.

    Equipped with two ARM cores, in addition to WiFi and ZigBee chips, this is
    no ordinary thermostat. In this presentation, we will demonstrate our
    ability to fully control a Nest with a USB connection within seconds (in our
    demonstration, we will show that we can plug in a USB for 15 seconds and
    walk away with a fully rooted Nest). Although OS level security checks are
    available and are claimed to be very effective in defeating various attacks,
    instead of attacking the higher level software, we went straight for the
    hardware and applied OS-guided hardware attacks. As a result, our method
    bypasses the existing firmware signing and allows us to backdoor the Nest
    software in any way we choose. With Internet access, the Nest could now
    become a beachhead for an external attacker. The Nest thermostat is aware
    of when you are home and when you are on vacation, meaning a compromise of
    the Nest would allow remote attackers to learn the schedule of users.
    Furthermore, saved data, including WiFi credentials, would now become
    available to attackers. Besides its original role of monitor the user's
    behavior, the smart Nest is now a spy rooted inside a house fully controlled
    by attackers.

    Using the USB exploit mentioned above, we have loaded a custom compiled
    kernel with debug symbols added. This enables us to explore the software
    protocols used by the nest, such as Nest Weave, in order to find potential
    vulnerabilities that can be remotely exploited. Loading a custom kernel
    into the system also shows how we have obtained total control of the device,
    introducing the potential for rootkits, spyware, rogue services and other
    network scanning methods, further allowing the compromise of other nodes
    within the local network.

    presented by Yier Jin & Grant Hernandez & Daniel Buentello
  8.  
    Quick! Somebody design a physical key-lock device that you can plug into your usb ports! Meanwhile, there is always superglue and popsickle sticks.
  9.  
    I was right! Superglue!

    http://www.wired.com/2014/07/usb-security/
    Basically the same info as the gizmodo article but better written.

    The malware they created,
    called BadUSB, can be installed on a USB device to completely take over a
    PC, invisibly alter files installed from the memory stick, or even redirect
    the user's Internet traffic. Because BadUSB resides not in the flash memory
    storage of USB devices, but in the firmware that controls their basic
    functions, the attack code can remain hidden long after the contents of the
    device's memory would appear to the average user to be deleted. And the two
    researchers say there's no easy fix: The kind of compromise they're
    demonstrating is nearly impossible to counter without banning the sharing of
    USB devices or filling your port with superglue.
    •  
      CommentAuthorAngus
    • CommentTimeAug 2nd 2014
     
    Posted By: alsetalokinhttp://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents

    Now what the flmp is wrong with _that_ picture.



    Don't you have rules? Retirement from sensitive publicly funded jobs should carry an automatic exclusion from seeking related work for a specified time. The usual issue is civil servants quitting and going back to work as lobbyists. It's forbidden here.
  10.  
    Of course we have rules.

    Might makes Right.
    Manifest Destiny.
    Eminent Domain.
    Survival of the Richest.
    God said it, I believe it, and That settles it.

    And of course... Freedom is slavery, war is peace and ignorance is strength.
  11.  
    I forgot
    Eat here, diet home.
  12.  
    Oldthinkers unbellyfeel Ingsoc!